使用.pfx证书调用ADFS服务

时间:2015-08-31 00:30:48

标签: php soap saml adfs pfx

我正在尝试连接到ADFS soap服务以接收STS令牌。我收到了.pfx,没有用户名或密码。第一个服务将获取.pfx并给我令牌。然后,我将在后续服务调用中使用该令牌。

我收到了链接:somecompany.com/adfs/services/trust/13/usernamemixed和wsdl。 PHP的内置SOAP功能似乎不支持WS- *功能,因此我不相信我可以像使用普通的soap调用一样使用wsdl。 SimpleSAMLphp似乎面向SP和IdP而不是消费者。我看过其他几个看起来像是调用ADFS服务的库,但它们只使用用户名和密码而不是证书。

我发现看起来像它可以工作的唯一方法是写信封并发布信息,但这在做几个不同的肥皂电话时似乎很乏味。

有没有好的方法/库可以作为消费者调用ADFS服务?

编辑:

WSDL的一部分:

<wsp:Policy wsu:Id="CertificateWSTrustBinding_IWSTrustFeb2005Async_policy">
<wsp:ExactlyOne>
  <wsp:All>
    <sp:TransportBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
      <wsp:Policy>
        <sp:TransportToken>
          <wsp:Policy>
            <sp:HttpsToken RequireClientCertificate="false"/>
          </wsp:Policy>
        </sp:TransportToken>
        <sp:AlgorithmSuite>
          <wsp:Policy>
            <sp:Basic256/>
          </wsp:Policy>
        </sp:AlgorithmSuite>
        <sp:Layout>
          <wsp:Policy>
            <sp:Strict/>
          </wsp:Policy>
        </sp:Layout>
        <sp:IncludeTimestamp/>
      </wsp:Policy>
    </sp:TransportBinding>
    <sp:EndorsingSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
      <wsp:Policy>
        <sp:X509Token sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
          <wsp:Policy>
            <sp:RequireThumbprintReference/>
            <sp:WssX509V3Token10/>
          </wsp:Policy>
        </sp:X509Token>
        <mssp:RsaToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never" wsp:Optional="true" xmlns:mssp="http://schemas.microsoft.com/ws/2005/07/securitypolicy"/>
        <sp:SignedParts>
          <sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing"/>
        </sp:SignedParts>
      </wsp:Policy>
    </sp:EndorsingSupportingTokens>
    <sp:Wss11 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
      <wsp:Policy>
        <sp:MustSupportRefKeyIdentifier/>
        <sp:MustSupportRefIssuerSerial/>
        <sp:MustSupportRefThumbprint/>
        <sp:MustSupportRefEncryptedKey/>
      </wsp:Policy>
    </sp:Wss11>
    <sp:Trust10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
      <wsp:Policy>
        <sp:MustSupportIssuedTokens/>
        <sp:RequireClientEntropy/>
        <sp:RequireServerEntropy/>
      </wsp:Policy>
    </sp:Trust10>
    <wsaw:UsingAddressing/>
  </wsp:All>
</wsp:ExactlyOne>
 </wsp:Policy>

另一部分:

<wsp:Policy wsu:Id="IssuedTokenWSTrustBinding_IWSTrustFeb2005Async_policy">
<wsp:ExactlyOne>
  <wsp:All>
    <sp:TransportBinding xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
      <wsp:Policy>
        <sp:TransportToken>
          <wsp:Policy>
            <sp:HttpsToken RequireClientCertificate="false"/>
          </wsp:Policy>
        </sp:TransportToken>
        <sp:AlgorithmSuite>
          <wsp:Policy>
            <sp:Basic256/>
          </wsp:Policy>
        </sp:AlgorithmSuite>
        <sp:Layout>
          <wsp:Policy>
            <sp:Strict/>
          </wsp:Policy>
        </sp:Layout>
        <sp:IncludeTimestamp/>
      </wsp:Policy>
    </sp:TransportBinding>
    <sp:EndorsingSupportingTokens xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
      <wsp:Policy>
        <sp:IssuedToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/AlwaysToRecipient">
          <sp:RequestSecurityTokenTemplate>
            <t:KeyType>http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKey</t:KeyType>
            <t:EncryptWith>http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p</t:EncryptWith>
            <t:SignatureAlgorithm>http://www.w3.org/2000/09/xmldsig#rsa-sha1</t:SignatureAlgorithm>
            <t:CanonicalizationAlgorithm>http://www.w3.org/2001/10/xml-exc-c14n#</t:CanonicalizationAlgorithm>
            <t:EncryptionAlgorithm>http://www.w3.org/2001/04/xmlenc#aes256-cbc</t:EncryptionAlgorithm>
          </sp:RequestSecurityTokenTemplate>
          <wsp:Policy>
            <sp:RequireInternalReference/>
          </wsp:Policy>
        </sp:IssuedToken>
        <mssp:RsaToken sp:IncludeToken="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy/IncludeToken/Never" wsp:Optional="true" xmlns:mssp="http://schemas.microsoft.com/ws/2005/07/securitypolicy"/>
        <sp:SignedParts>
          <sp:Header Name="To" Namespace="http://www.w3.org/2005/08/addressing"/>
        </sp:SignedParts>
      </wsp:Policy>
    </sp:EndorsingSupportingTokens>
    <sp:Wss11 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
      <wsp:Policy>
        <sp:MustSupportRefKeyIdentifier/>
        <sp:MustSupportRefIssuerSerial/>
        <sp:MustSupportRefThumbprint/>
        <sp:MustSupportRefEncryptedKey/>
      </wsp:Policy>
    </sp:Wss11>
    <sp:Trust10 xmlns:sp="http://schemas.xmlsoap.org/ws/2005/07/securitypolicy">
      <wsp:Policy>
        <sp:MustSupportIssuedTokens/>
        <sp:RequireClientEntropy/>
        <sp:RequireServerEntropy/>
      </wsp:Policy>
    </sp:Trust10>
    <wsaw:UsingAddressing/>
  </wsp:All>
</wsp:ExactlyOne>
 </wsp:Policy>

0 个答案:

没有答案
相关问题
最新问题